Microsoft DirectShow Remote Code Execution Vulnerability (961373) Network Vulnerability

Summary

This host has critical security update missing according to Microsoft Bulletin MS09-011.

Impact

Successful exploitation on remote vulnerable system allow arbitrary code execution and can potentially compromise a user's system. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx

Insight

DirectX application throws an an error when decompressing MJPEG content, and can be exploited via a specially crafted MJPEG file.

Affected

DirectX 8.1 and 9.0 on Microsoft Windows 2000 DirectX 9.0 on Microsoft Windows XP and 2003

References

http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0084
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
ADODB.Stream object from Internet Explorer (KB870669)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Take action and discover your vulnerabilities